For users who are not system administrators, the biggest impact of the Heartbleed vulnerability has been all the passwords that they have had to change. This, together with improvements in alternative authentication methods (like the fingerprint scanners now embedded in flagship smartphones), have caused some rather bold statements about passwords to be made. Passwords are out…

The promise of easy money remains the biggest motivation for cybercrime today. Cybercriminals thus make it their main objective to steal information that would lead them to the money, like online banking information. Once stolen, the information can be used to transfer funds illegally from victims’ accounts. In 2013, the total amount of money stolen…

Sometime near the start of the year, we noticed that the old malware family TSPY_USTEAL resurfaced. This information stealing malware now includes new routines including malicious packers, obfuscation, and bundling ransomware. TSPY_USTEAL variants were seen in the wild as early as 2009, and is known to steal sensitive information like machine details and passwords stored…

The recent Internet Explorer and Flash zero-days were not the only zero-day threats that hit recently. Last Friday, the Apache Struts group released an advisory (S2-021) detailing two vulnerabilities (CVE-2014-0112 and CVE-2014-0113), and potential mitigation steps until an official patch is issued. Apache Struts is a framework used to build and deploy Java-based web applications. In Apache…

Adobe has released a security advisory regarding a zero-day vulnerability (CVE-2014-0515) found in the program Adobe Flash. According to the advisory, the updates pertain to “Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux.” Adobe has also acknowledged that…